1. If your IIS server is version 8 or later, add the IIS server role and role services.
    1. In Server Manager, on the Manage menu, click Add Roles and Features.
    2. In the Add Roles and Features Wizard, on the Before You Begin tab, click Next.
    3. On the Installation Type tab, select Role-based or feature-based installation. Click Next.
    4. On the Server Selection tab, select the IIS server. Click Next.
    5. On the Server Roles page, select Web Server (IIS).
    6. On the Features tab, click Next.
    7. On the Web Server Role (IIS) > Role Services tab, in Web Server > Application Development , select .NET 3.5 Extensibility and .NET 4.6 Extensibility.

      Depending on your version of Windows, you might need to select .NET 4.5 Extensibility or .NET 4.7 Extensibility.

    8. If you receive a message that asks you to add features that are required for Web Server (IIS), click Add Features.
    9. Click Next.
    10. On the Confirmation tab, check that the configuration is correct. Click Install.

      This step can take several minutes.

    11. Once the installation is complete, click Close.
  2. Deploy the OpenToken IIS Agent.
    1. Extract the IIS Integration Kit distribution file on the IIS server, and then go to dist/(x86) or dist/(x64).
    2. Run setup.exe to install the OpenToken HTTP Module into the Windows Global Assembly Cache.
    3. If your IIS server is version 7, register IIS with .NET Framework 4.0 by entering the following command at the Windows command prompt:

      <Windows_install>\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis -iru

    4. Move the agent-config.txt that you exported in Configuring an OpenToken SP Adapter instance to C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(n-bit)\conf or your equivalent.
  3. Configure the OpenToken IIS Agent properties file.
    1. Open C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(n-bit)\conf\pfisapi.conf for editing.
    2. Configure it to suit your environment based on the property descriptions in the file.
    3. If you use IIS to protect multiple sites on the same domain, set SameSiteCookie=None and SecureCookie=YES.
    4. Save the file.
    5. If you backed up a previous copy of the file in Upgrading an existing deployment, refer to that file to add new properties and restore your previous settings.
    6. Restart IIS.

    You can test your configuration by deploying the sample application (PFIsapiSample) that is included in the installation. See C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(n-bit)\samples or your equivalent.